Investing in network security early pays off both immediately and in the long term. However, the systems and practices that defend your organization and its network are not a “set it and forget it” machine. Threats evolve continually, so your defenses must evolve too. Don’t let complacency set in to the point where you’re relying on an outdated cyber security infrastructure.
One component of a security plan that outdates itself automatically is antivirus software. A SIEM alone is not enough; applications that defend the perimeter of your network by scanning for threats matching a stored list of definitions are still a valid tactic. These applications are good at deflecting known bots and known threats, but only as long as definition updates have not lapsed. Outdated software is responsible for 9.3% of malware infections on non-domain (unmanaged) computers.
Running expired software gives you a false sense of security. Fortunately, outdated software is a straightforward problem to fix. Definitions can usually be managed from a central console and set to sync with the vendor’s definitions server automatically. Where computers run software that discards changes, such as public browsing terminals protected by a disk-restore product, each machine must be unfrozen, updated, and refrozen individually. Don’t let time-consuming tasks prevent crucial maintenance; budget for the time and schedule the work regularly.
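As an added example (not code from the original article or from Anomali), the audit below reads a constructed definition-status export and splits stale hosts into those the central console can re-sync on its own and frozen terminals that need the manual unfreeze-and-update procedure. The column names, the seven-day freshness threshold and the fixed clock are assumptions; a blank timestamp is treated as “never updated” and therefore stale.

```python
"""Audit endpoint antivirus definition freshness.

Added example for this page, not a script from Anomali or any AV vendor.
The inventory format is a constructed sample; a real console export will
have its own column names, so adjust the field names accordingly.
"""
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample of a definition-status export.
# "frozen" marks kiosks/public terminals behind a disk-restore product,
# which discards all changes (including updates) on every reboot.
SAMPLE_INVENTORY = """hostname,definitions_updated,frozen
ws-0101,2024-05-20T08:15:00Z,no
ws-0102,2024-04-02T11:40:00Z,no
kiosk-lobby-1,2024-03-15T09:00:00Z,yes
kiosk-lobby-2,,yes
srv-files-01,2024-05-21T02:05:00Z,no
"""

# Fixed clock so the sample gives stable results (assumption for the example).
SAMPLE_NOW = datetime(2024, 5, 21, 12, 0, tzinfo=timezone.utc)


def parse_timestamp(value):
    """Return an aware datetime, or None when the field is blank (never updated)."""
    if not value:
        return None
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def audit_definitions(inventory_csv, now, max_age_days=7):
    """Classify hosts whose definitions are older than max_age_days.

    Returns (auto, manual): hosts the central console can re-sync by itself,
    and frozen hosts that must be thawed and updated by hand. Each entry is
    (hostname, age) where age is e.g. "49d" or "never".
    """
    cutoff = now - timedelta(days=max_age_days)
    auto, manual = [], []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        updated = parse_timestamp(row["definitions_updated"])
        stale = updated is None or updated < cutoff
        if not stale:
            continue
        age = "never" if updated is None else f"{(now - updated).days}d"
        entry = (row["hostname"], age)
        if row["frozen"].strip().lower() == "yes":
            manual.append(entry)
        else:
            auto.append(entry)
    return auto, manual


if __name__ == "__main__":
    auto, manual = audit_definitions(SAMPLE_INVENTORY, SAMPLE_NOW)
    print("Re-sync from console:", auto)
    print("Unfreeze and update by hand:", manual)
```

The useful output is the second list: those hosts never fix themselves, so they are the ones to put on the maintenance schedule the paragraph above calls for.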
The email server can be a floodgate for trouble if not managed properly. Malware is often the first step in an attacker’s plan to gain a foothold in a victim’s network. Once an initial error has occurred, such as a user installing malware delivered by phishing, the attacker has a foothold from which the rest of the network can be compromised. Make sure your email server is securely configured and patched. Have strong password settings in place. Most importantly, encourage personal responsibility for individual email accounts: have a protocol for evaluating unusual emails and forbid account sharing.
In general, you should be continually evaluating your strategy and practices before your cybersecurity infrastructure becomes outdated. Here are the kinds of questions you should keep asking:
Have new elements been added to the network?
Are we making use of our threat intelligence platform?
Does your configuration account for traffic created by mobile users?
Are the most sensitive files sufficiently protected, even when an employee accesses cloud data from an infected home computer?
Are permissions current? Are procedures in place to ensure all employees’ credentials and email addresses are closed after they leave? Some businesses only remember to close this gap when an employee makes a dramatic exit.
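The last question is one you can answer mechanically. As an added example (not Anomali’s tooling or code from the original article), the script below reconciles a constructed HR roster against a constructed directory export and reports accounts that should already have been closed: enabled accounts of terminated staff, accounts used after the leaving date, accounts with no HR record and no registered owner, dormant accounts, and any of those that sit in a privileged group. The column names, the service-account register, the 90-day dormancy threshold and the fixed clock are assumptions for the example.

```python
"""Offboarding audit: reconcile an HR roster against a directory export.

Added example for this page, not Anomali's or any vendor's tooling. The
two CSV blobs and the service-account register are constructed samples;
a real export (Active Directory, Okta, Google Workspace) needs its own
column mapping, but the checks are the same.
"""
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed HR roster. status is "active" or "terminated".
HR_ROSTER = """email,status,termination_date
alice@example.com,active,
bob@example.com,terminated,2024-04-30
carol@example.com,active,
dave@example.com,terminated,2024-02-01
"""

# Constructed directory export. groups is a ;-separated list.
DIRECTORY = """email,enabled,last_login,groups
alice@example.com,yes,2024-05-20T09:00:00Z,staff
bob@example.com,yes,2024-05-02T17:30:00Z,staff;vpn-users
carol@example.com,yes,2024-01-10T08:00:00Z,staff;domain-admins
dave@example.com,no,2024-01-31T16:00:00Z,staff
svc-backup@example.com,yes,2024-05-21T03:00:00Z,backup-operators
mallory@example.com,yes,2024-05-19T22:00:00Z,staff
"""

# Constructed register of non-human accounts and their owning team. Any
# account that is neither a current employee nor registered here is an orphan.
SERVICE_ACCOUNTS = {"svc-backup@example.com": "backup-team"}
PRIVILEGED_GROUPS = {"domain-admins", "backup-operators"}
SAMPLE_NOW = datetime(2024, 5, 21, 12, 0, tzinfo=timezone.utc)  # fixed clock (assumption)


def parse_ts(value):
    """Parse an ISO date or timestamp from an export; blank means unknown."""
    if not value:
        return None
    if len(value) == 10:  # date only, e.g. 2024-04-30
        value += "T00:00:00Z"
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def audit_accounts(hr_csv, dir_csv, now, dormant_days=90):
    """Return findings keyed by category, each a sorted list of account emails.

    terminated_still_enabled: HR says gone, directory says enabled
    login_after_termination:  the account was used after the leaving date
    orphaned:                 no HR record and no registered owner
    dormant:                  enabled but unused for dormant_days (or never)
    privileged_issues:        any finding above on a privileged-group member
    """
    hr = {row["email"]: row for row in csv.DictReader(io.StringIO(hr_csv))}
    cutoff = now - timedelta(days=dormant_days)
    categories = ("terminated_still_enabled", "login_after_termination",
                  "orphaned", "dormant", "privileged_issues")
    findings = {key: [] for key in categories}
    for acct in csv.DictReader(io.StringIO(dir_csv)):
        email = acct["email"]
        enabled = acct["enabled"].strip().lower() == "yes"
        groups = {g for g in acct["groups"].split(";") if g}
        last_login = parse_ts(acct["last_login"])
        record = hr.get(email)
        flagged = set()
        if record is None:
            if email not in SERVICE_ACCOUNTS:
                flagged.add("orphaned")
        elif record["status"] == "terminated":
            left = parse_ts(record["termination_date"])
            if enabled:
                flagged.add("terminated_still_enabled")
            if left and last_login and last_login > left:
                flagged.add("login_after_termination")
        if enabled and (last_login is None or last_login < cutoff):
            flagged.add("dormant")
        if flagged and groups & PRIVILEGED_GROUPS:
            flagged.add("privileged_issues")
        for key in flagged:
            findings[key].append(email)
    return {key: sorted(emails) for key, emails in findings.items()}


if __name__ == "__main__":
    for category, emails in audit_accounts(HR_ROSTER, DIRECTORY, SAMPLE_NOW).items():
        print(f"{category:26s} {', '.join(emails) or '-'}")
```

Run on a schedule, the “login_after_termination” and “privileged_issues” lists are the ones to treat as incidents rather than housekeeping; the rest feed the regular permissions review.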
Outdated education is a problem for up to half of enterprises. Old information about the tactics attackers are using is about as useful as outdated virus definitions. It’s a shame to waste effort on training sessions, presentations, and meetings if the information in them is outdated, inaccurate, or missing key topics altogether.
Polls show only 46% of employers offer more education than a one-time refresher course. To remedy this, the educators themselves must keep up with current best practices. Attending conferences allows security pros to immerse themselves and can help renew enthusiasm. Workshops, whitepapers and webinars are great for getting a deeper understanding of new threats and ways to combat them. Following cybersecurity blogs and reading trade publications should be done continually for consistent awareness. Learn how to get the most out of your particular tools by soliciting as much expertise from security vendor partners as possible.
Employees need continual, ongoing education. The stakes are high enough that making a case for starting an education program should not be a hard sell. If there is pushback, there is plenty of evidence that preventing ignorance-based vulnerabilities is a wise risk management strategy. If user education is not deemed important, consider the evidence that recovering from a breach is very expensive and can take your business out of the game permanently.
Maintaining your cyber security infrastructure is an ongoing responsibility. Like maintaining a house, it is best to be proactive about keeping everything in good working order. If there is a possible vulnerability or a plausible threat actor, address the concern before it becomes a crisis.
Dan is the Chief Marketing Officer at Anomali and leads the marketing and business development activities, bringing together his technical background and business savvy. His career spans many sectors of security and many different roles.